Anthropic quietly shipped the most significant enterprise governance upgrade in Claude's history on July 2, and buried inside the announcement is a deadline: if your organization needs to control employee-level visibility into AI usage data, you have until July 11 to act.
Most enterprise software governance updates are incremental — another setting, another checkbox. This one is different because it directly addresses the three complaints IT leaders have been raising since day one of enterprise AI adoption: we can't see where the money is going, we can't control which models employees are using, and we have no reliable way to stop runaway spending before it becomes a budget crisis.
These controls matter now for a specific reason. Enterprise AI spending has crossed a threshold where it demands the same governance rigor as any other material line item. One large organization reportedly burned through $500 million in a single month on AI services — not because of a strategy gone wrong, but because no usage controls were in place. That's an extreme case, but the underlying pattern is common enough that Forrester is projecting enterprises will defer 25% of planned AI spending to 2027 as CFOs demand clearer financial accountability before releasing more budget.
If your organization is using Claude Enterprise and you haven't configured the controls Anthropic shipped this week, here's what you need to do — and why you need to do it before July 11.
Why This Update Landed Now
Before getting into the five configurations, it's worth understanding what drove this release.
Gartner's April 2026 data found that only 28% of AI use cases fully succeed and meet ROI expectations, while 20% fail outright. Of the remainder, most deliver partial value that is difficult to quantify and even harder to defend in a budget review. The organizations that are maintaining or growing their AI investment aren't necessarily the ones with the best technology — they're the ones with the best governance.
CFOs have become the swing vote in enterprise AI budgeting. When a CFO asks how much the organization is spending on AI and what it's producing, the answer can't be "we think it's working." It needs to be supported by data, broken down by team, and tied to measurable outcomes. Until this update, Claude Enterprise administrators had limited tools to answer that question precisely.
The July 2 controls give IT and finance leaders the infrastructure to build an accountable AI program — not just a deployed one.
1. Set Spend-Threshold Alerts Before July 11
The most immediately actionable control is spend alerting, and it requires no strategic planning — just configuration.
Starting July 11, Anthropic is changing a default that every Claude Enterprise admin needs to know about: individual usage analytics for organization members will switch from off by default to on by default. That means employee-level AI usage data — which employees are using Claude, how much, and on what — will be visible to administrators unless explicitly configured otherwise before that date.
For most organizations, this visibility is a feature. Understanding which teams are driving usage, which individuals are getting the most value, and where adoption is lagging is essential for running an effective AI program. But regulated industries — financial services, healthcare, legal — may have internal policies that treat employee AI usage data with additional sensitivity, particularly if Claude is being used for tasks that touch client or patient information.
If you're in a regulated sector, review your internal data governance policies now. Determine whether member-level usage visibility aligns with your existing obligations, and configure accordingly before July 11.
For spend alerts specifically: Anthropic now lets you set notifications at 75% and 90% of your organizational budget cap. Individual users receive in-app alerts at 75% and 95% of their personal limits, with a built-in mechanism to request additional allocation from their administrators.
What to do: Log into your Claude Enterprise admin console. Set organizational budget caps. Enable spend alerts at both 75% and 90% thresholds. This takes under five minutes and gives you the early warning system that prevents budget surprises from becoming board-level conversations.
2. Configure Model-Level Entitlements by Role
This is where the real cost optimization lives.
Not every employee needs Claude's most capable — and most expensive — model tier for every task. A finance analyst running routine data summarization has different requirements than a data scientist building multi-step agentic workflows. A customer success manager drafting follow-up emails doesn't need the same model tier as a security engineer analyzing logs. Before this update, the choice was essentially binary: everyone gets access to all models, or you manage it through slow procurement controls.
Model-level entitlements change this by giving administrators granular control over which Claude models are accessible to which users. Specifically, you can now set:
- Default models for routine work across Claude chat, Cowork, and Claude Code
- Role-specific access that restricts or expands model availability for specific SCIM groups
- Organization-wide defaults that apply universally unless overridden by a more specific role assignment
In practice, most enterprises find that three tiers cover the majority of their use cases: standard users on the default mid-tier model, power users and analysts with access to the full Claude family, and AI engineering teams with unrestricted access including early previews.
The cost impact is meaningful. Premium model usage typically costs 3 to 10 times more per token than the standard tier. If 70% of your organization's Claude usage consists of routine summarization, drafting, and Q&A work that the standard tier handles perfectly well, restricting those users to cost-appropriate models reduces your AI spend without reducing productivity.
What to do: Map your employee groups to their actual AI use cases. Define three to four model access tiers. Configure entitlements in the admin console under Model Access Settings, then test with a pilot group before rolling out org-wide.
3. Sync Your Identity Provider via SCIM
Model entitlements are only as useful as the groups they're applied to, and manually managing groups for hundreds of employees is unsustainable. Anthropic now supports SCIM synchronization from Okta, Azure Active Directory, and other major identity providers.
What this means operationally: your existing HR and IT workflows — onboarding, offboarding, role transitions — automatically propagate to Claude without manual intervention. When an engineer moves from an individual contributor role to a team lead, their Claude access updates automatically. When someone leaves the organization, they're deprovisioned from Claude immediately, not when someone remembers to submit a ticket.
This matters for governance as much as cost control. Audit findings consistently flag orphaned AI access as a risk — active accounts belonging to former employees or employees in roles that no longer require that access level. SCIM integration closes that gap systematically, which is increasingly important as compliance teams start including AI access in their standard audit scope.
The role-based access introduced in April 2026 adds a further layer: administrators can create custom roles that define specific access to Claude capabilities, tools, and file permissions, then assign those roles to SCIM-managed groups. The combination of SCIM provisioning and role-based access creates an AI governance model that mirrors the identity governance practices your organization already has in place for other enterprise software.
What to do: Enable SCIM provisioning in your identity provider for the Claude Enterprise application. Map your existing group structure to Claude access roles. Run a test with a small group first. SCIM setup is a one-time investment with ongoing automatic maintenance — prioritize it accordingly.
4. Connect the Analytics API to Your Compliance Infrastructure
This is where the update becomes significant for organizations under active regulatory scrutiny or governance pressure from their board.
The Claude Enterprise Analytics API provides organization-wide data on engagement, adoption, and costs across all Claude products — chat, projects, and Claude Code — with data available back to January 1, 2026. The new Enhanced Analytics Dashboard that shipped July 2 breaks this down by SCIM group and individual user, showing artifacts created, files edited, and tools and connectors used.
The Compliance API provides programmatic, real-time access to usage logs and conversation content, enabling integration with existing monitoring infrastructure — whether that's Splunk, Datadog, Microsoft Sentinel, or a purpose-built GRC platform.
For organizations with mature compliance programs, this isn't optional — it's a requirement. If your organization has an AI use policy (and if you're using Claude Enterprise at scale, you should), you need the technical infrastructure to verify that the policy is being followed. The Compliance API makes that possible without building custom monitoring tooling from scratch.
For a CIO presenting to the board, this changes the narrative. Instead of "we're investing X in Claude," the answer becomes "here's what we're spending, which teams are driving that spend, what they're producing, how it maps to our approved use cases, and here's our monitoring infrastructure to verify ongoing compliance."
What to do: Only the primary organization owner can generate Analytics API keys, which are scoped to read:analytics. Enable this capability first. If you already have a monitoring infrastructure, build the integration. If you're starting from scratch, begin with the built-in Analytics Dashboard to establish your usage baseline before investing in custom integrations.
5. Set Per-User Spending Limits for Claude Code
Claude Code requires a separate cost governance approach because its usage patterns are fundamentally different from conversational AI.
In standard Claude chat, usage is naturally constrained by human interaction speed. In Claude Code, autonomous agents run multi-step workflows that can execute dozens of tasks without active user involvement. An engineer sets an agent running on a codebase refactor, walks away, comes back three hours later to find the agent has completed 60 tasks and consumed a significant portion of the team's monthly allocation. That's the technology working as designed — but without per-user limits, it creates budget variability that is difficult to forecast and harder to explain.
Anthropic now supports per-user monthly spending limits specifically for Claude Code, separate from the org-wide cap. This allows fine-grained control: senior engineers and platform teams with large-scale automation needs get higher personal limits; developers onboarding to Claude Code get conservative initial limits that expand as usage patterns are established and understood.
The per-user limit mechanism also integrates with the spend alerting from Configuration 1: users receive in-app notifications when approaching their personal Claude Code limit, with a built-in request mechanism to get temporary or permanent increases from their administrator. This reduces the friction of governance — users are informed rather than blocked, and increases require human approval rather than automatic escalation.
What to do: Determine your per-user Claude Code budget by role tier. Start conservative — limits are easy to increase, and beginning with generous limits creates audit questions about why the initial ceiling was set so high. Set limits in the admin console under Usage Controls → Claude Code.
The Bottom Line for CIOs and CFOs
Anthropic's July 2 update delivers the governance infrastructure that enterprise AI programs have been missing. Model entitlements control cost routing. Spend alerts provide early warning. Analytics APIs provide the audit trail. SCIM integration automates governance at scale. Per-user Claude Code limits address the specific risk profile of agentic AI.
For CIOs: these five configurations represent two to three hours of admin work that eliminates entire categories of risk — budget surprises, audit findings, and compliance questions about AI usage visibility.
For CFOs: the Analytics and Compliance APIs are what allow you to answer board questions about AI spending with data rather than estimates. If your AI program doesn't have this visibility infrastructure, you're managing a material cost center without standard financial controls.
The July 11 deadline on the analytics default change is the near-term forcing function. Use it to get the full configuration done, not just the one change.
Enterprise AI governance isn't a one-time project — it's an operational discipline that needs to evolve as your AI usage scales. These controls give you the foundation to build that discipline systematically.
Follow the conversation on LinkedIn or Twitter/X. What governance controls has your organization put in place for enterprise AI at scale?
